Subject: | |
From: | |
Reply To: | |
Date: | Wed, 18 Mar 2020 17:55:46 +0000 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Ah, I found the issue!
Our security repoclosure scripts are a bit too targeted=.
Alas, TUV doesn't appear to publish the source for their actual kpatch packages up at git.centos.org so we will not be able to replicate those. I was a bit hopeful that they would appear over time, but it appears not.
I'll look into retracting the broken package and pulling it off the site (and dropping it into obsoletes). For now I'd recommend removing the package from any system where having it blocks the kernel updates.
kpatch-patch-3_10_0-1062_12_1-0-0.el7.x86_64.rpm will be retracted "shortly" with an announcement sent out to scientific-linux-errata.
Then to update the autobuild scripts.....
Thanks for the report!!!
Pat
--
Pat Riehecky
Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org
________________________________________
From: Mailing list for Scientific Linux users worldwide <[log in to unmask]> on behalf of Patrick Riehecky <[log in to unmask]>
Sent: Wednesday, March 18, 2020 12:30 PM
To: scientific-linux-users
Subject: Re: [SCIENTIFIC-LINUX-USERS] EXT: Security ERRATA Important: kernel on SL7.x x86_64
Interesting..... I didn't see this in the internal repoclosures. I'll have to take a closer look to see what makes the most sense.
Pat
--
Pat Riehecky
Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org
________________________________________
From: Mailing list for Scientific Linux users worldwide <[log in to unmask]> on behalf of Peed, Andrew (GE Healthcare) <[log in to unmask]>
Sent: Wednesday, March 18, 2020 10:05 AM
To: scientific-linux-users
Subject: Re: [SCIENTIFIC-LINUX-USERS] EXT: Security ERRATA Important: kernel on SL7.x x86_64
Hi,
When I update my repository with this kernel package update, I get the following error from repoclosure:
package: kpatch-patch-3_10_0-1062_12_1-0-0.el7.x86_64
unresolved deps:
kernel = 0:3.10.0-1062.12.1.el7
kpatch-patch is self-described in the SPEC file as being an empty package that provides a method to subscribe to the kpatch stream for kernel-3.10.0-1062.12.1.el7 (the previous version), and has an explicit requirement for that version.
Does SL plan to update this package, or will we need to so that we can get a clean repoclosure?
Thanks,
-- Andy
-----Original Message-----
From: [log in to unmask] <[log in to unmask]> On Behalf Of Farhan Ahmed
Sent: Tuesday, March 17, 2020 4:43 PM
To: [log in to unmask]
Subject: EXT: Security ERRATA Important: kernel on SL7.x x86_64
Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: SLSA-2020:0834-1
Issue Date: 2020-03-17
CVE Numbers: CVE-2019-11487
CVE-2019-17666
CVE-2019-19338
--
Security Fix(es):
* kernel: Count overflow in FUSE request leading to use-after-free issues.
(CVE-2019-11487)
* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)
* Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA
(CVE-2019-11135) (CVE-2019-19338)
Bug Fix(es):
* SL7.7 - default idle mishandles lazy irq state
* Sanitize MM backported code for SL7
* A bio with a flush and write to an md device can be lost and never complete by the md layer
* [FJ7.7 Bug]: [REG] Read from /proc/net/if_inet6 never stop.
* SL7.7 - zfcp: fix reaction on bit error threshold notification
* SL7.7 Snapshot3 - Kernel Panic when running LTP mm test on s390x
* Leak in cachefiles driver
* VFS: Busy inodes after unmount of loop0 when encountering duplicate directory inodes
* Allocation failure in md's r10buf_pool_alloc function leads to a crash from accessing uninitialized pointers
* [Hyper-V][SL7.6]Hyper-V guest waiting indefinitely for RCU callback when removing a mem cgroup
* A bnx2fc abort attempt doesn't timeout from miscalculation causing a huge timeout value
* scsi: libiscsi: fall back to sendmsg for slab pages
* SL7.7 - kernel: avoid cpu yield in SMT environment
* SL7.6 - kernel: jump label transformation performance
* drm radeon power management warning on VERDE cards
* Duplicate enum value in include/linux/blk_types.h
* [HPE 7.7 Bug] hpsa: bug fix for reset issue
* System Crash on vport creation (NPIV on FCoE)
* [Hyper-V][SL 7.8] Four Mellanox Patches needed for kernels that have that have SRIOV
* WARNING: CPU: 7 PID: 2049 at mm/slub.c:2296 ___slab_alloc+0x508/0x520
* fio with ioengine=pmemblk on fsdax failed
* [HPE 7.7 Bug] hpsa: bug fixes
* perf top -p PID does not show anything
* Delay in RT task scheduled. Incorrect nr_scheduled value.
* A directory on a gfs2 filesystem appears corrupt on nodeB after nodeA renames the directory
* ixgbevf interface goes down on hypervisor and causes outage
* Can't enable virt-ssbd on some AMD hosts
* [HPEMC 7.8 BUG] x86/boot/64: Avoid mapping reserved ranges in early page tables
Enhancement(s):
* scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show'
--
SL7
x86_64
bpftool-3.10.0-1062.18.1.el7.x86_64.rpm
bpftool-debuginfo-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-debug-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-devel-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-headers-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-tools-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1062.18.1.el7.x86_64.rpm
perf-3.10.0-1062.18.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-1062.18.1.el7.x86_64.rpm
python-perf-3.10.0-1062.18.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-1062.18.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1062.18.1.el7.x86_64.rpm
noarch
kernel-abi-whitelists-3.10.0-1062.18.1.el7.noarch.rpm
kernel-doc-3.10.0-1062.18.1.el7.noarch.rpm
- Scientific Linux Development Team
|
|
|